Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feature: added --- sni Support TLS http2 and SNI #68

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

vislee
Copy link

@vislee vislee commented Sep 23, 2017

No description provided.

@@ -2121,8 +2121,11 @@ sub gen_curl_cmd_from_req ($$) {
push @args, '-sS';
}

if (use_http2($block)) {
my $isHttp2 = use_http2($block);
if ($isHttp2 && $isHttp2 == 1) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do not use "camel case" identifier names in this Perl project. We use "snake case" consistently.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I'll change it.

@@ -2499,6 +2502,11 @@ sub use_http2 ($) {
bail_out("cannot use --- http2 with --- pipelined_requests");
}

if (defined $block->sni) {
$block->set_value("test_nginx_enabled_http2_sni", 1);
return 2;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The use_http2 function returns a boolean value. It's not a good idea to make it return more complex encodings.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I'll change it.

@@ -2193,6 +2196,10 @@ sub gen_curl_cmd_from_req ($$) {
$link = "http://$server:$port$uri";
}

if (use_http2($block) == 2) {
$link = "https://$ServerName:$ServerPortForClient$uri";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SSL support need proper server certificate and private keys. And it's a burden for the test writer to prepare such things themselves. We should make HTTP/2 over TLS test mode work on most of the existing test suite written for HTTP/1. So we should automatically generate such self-signed server certificate/key pair ourselves in the test scaffold.

@@ -3991,6 +3998,10 @@ One can enable HTTP/2 mode for an individual test block by specifying the L<http

--- http2

Enable SNI mode for an individual test block by specifying the L<sni> section, as in

--- sni
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm afraid --- tls is a better name than --- sni since we are not specifying a concrete SNI name here anyway.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your review and comments. I'll change it.

@@ -2864,6 +2873,7 @@ The following sections are supported:
=head2 http2

Enforces the test scaffold to use the HTTP/2 wire protocol to send the test request.
Also, you can set tls section using the HTTP/2 over TLS protocol and SNI(Server Name Indication).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we really need to mention SNI here? It can be implicit I think. The user cannot specify their own SNI names now anyway.

@@ -2191,6 +2196,10 @@ sub gen_curl_cmd_from_req ($$) {
my $server = $ServerAddr;
my $port = $ServerPortForClient;
$link = "http://$server:$port$uri";
if (use_http2($block) && defined $block->tls) {
my $server_name = $ServerName;
$link = "https://$server_name:$port$uri";
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I mentioned in my previous round of review, the test scaffold should automatically generate self-signed server certificate and key files and automatically make use of them in the automatically generated nginx.conf. All such details should be transparent. Also, we can introduce a TEST_NGINX_USE_HTTP2_TLS=1 system environment to enable this for any existing tests without any edits in the tests themselves?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@agentzh I think it can be split into two parts. Listening on HTTPS/2 and making HTTPS/2 requests from Test::Nginx.

I have tests that are using custom certificates and want to keep it that way, but would like to make HTTPS/2 request from Test::Nginx to verify them. IMO those are two different problems.

I see the workaround in ssl_certificate_by_lua tests (using cosockets), but having first class support in Test::Nginx would be nice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants